Phishing Subsets: Vishing, Smishing

Wednesday, December 28, 2011 @ 03:12 PM gHale

Phishing is a well-known term and, for the most part, users understand it means an attack using a trustworthy name to entice a recipient to download a malware-loaded missive. There are now two related ploys out there: vishing and smishing.

Vishing is a variant of phishing, with its name coming from a combination of the words voice and phishing, said The Windows Club.

In a vishing attack, an unsuspecting user gets a phone call from someone who pretends to represent an important organization such as a bank or a utility company. In these situations the bad guys request large amounts of personal information that’s needed for certain operations, financial or otherwise.

An alternative to this method involves an email that urges the recipient to call a certain phone number. These emails usually come with threats, and they’re more advantageous for the cyber criminals, since the criminals don’t have to pay for the calls.

Smishing, on the other hand, involves SMS messages, as you would guess. In these types of schemes, the victim receives an SMS saying he (or she) has been automatically enrolled in a paid service.

To terminate the subscription, the recipient has to visit a URL and click a certain button, which, instead of canceling the phony subscription, downloads a piece of malware that infects the phone. From here on, keyloggers or premium-SMS-sending Trojans are free to do as they like.

The secret to avoiding these malicious plots is never to panic, no matter how absurd the messages or phone calls are. If you suspect that the call or the email may be legitimate, contact the company involved yourself, but never use the contact details provided by the person who’s on the other end of the line.